Sizing considerations

Note This section provides guidance on how to size the Sophos Mobile server based on some key criteria. The recommendations are based on default settings of the relevant configuration parameters and on a reasonable distribution of device types, tenants (customers) and administrators. If the setup for a customer differs significantly, the suggested values must to be modified.

Activities that generate load

The following activities generate load on the Sophos Mobile server:

  • Administrator interaction: Any administrator interactively working in a customer account generates load. The load depends on the amount of interactive actions and the number of devices for that customer.
  • Sophos Mobile Self Service Portal interaction: A user interacting with Sophos Mobile Self Service Portal generates load. The number of concurrent sessions is relevant for the sizing of a server.
  • Device Sync: The devices synchronize with the server in predefined intervals. Each sync operation generates load. The number of devices and the interval are relevant for the sizing of a server.
  • Policy/app distribution: Any device interaction, like lock or wipe, policy updates or app distribution generates server load. The server is able to distribute the load over time (batching), but the server must be sized to handle that additional load.
  • Mail traffic: The EAS proxy acts as a gateway for email communication. The server load depends on the number of devices syncing email and the sync period. If the EAS proxy is installed on a different server, this load can be neglected. More than one active EAS proxy can add to the server load, as the device status must be fetched regularly. Please note that, because all email traffic passes the EAS proxy, sufficient network bandwidth is required.

System components

A Sophos Mobile system can be divided into 3 main components:

  • Sophos Mobile server: The server manages all administrator and user interactions, the device sync and the policy and app distribution.
  • Database server: The database server (DB server) handles all read and write activities and queries. Most of the SMC server activities result in a DB server action. The DB server can be installed either on the same or different hardware server as the Sophos Mobile server.
  • EAS proxy: All email traffic passes the EAS proxy. It is installed either as a component of the Sophos Mobile server (internal EAS proxy) or as a separate component on one or more external servers (standalone EAS proxy).

Sophos Mobile server sizing

Definitions:

  • 1 CPU equals to an Intel XEON core with 2.5 GHz.
  • Memory values are in GB.
  • System environment: Windows Server 2012 R2, Microsoft SQL 2012 Standard.
  • The Sophos Mobile database is the only database on that SQL server.
  • Sophos Mobile 9.7 latest patch level.
  • Device default sync cycle of 24 hours.

Sophos Mobile server

DB server

# of devices

CPU

Memory

CPU

Memory

Comments

Up to 200

1

4

-

-

MS-SQL Express is sufficient

Up to 500

2

4

-

-

MS-SQL Express is sufficient

Up to 1.000

2

4

-

-

MS-SQL Express is sufficient

2

4

2

2

Up to 2.000

4

8

-

-

2

4

2

4

Up to 5.000

4

8

4

4

Up to 10.000

8

8

4

8

Up to 20.000

8

16

8

16

Sophos Mobile fully supports VMWare virtual environments. The sizing recommendations are expected to suit virtual environments as well. Because there might be some other influences on the virtualized servers, Sophos cannot confirm 100% matching performance in virtual environments.

Sophos Mobile has no hard limit at 20.000 devices. But any sizing beyond this requires detailed input on the parameter, like sync cycle, number of tenants, device mix and number of interactive users. Also, any sizing beyond 20.000 devices requires a cluster setup.

If you need to manage more than 20.000 devices, please contact product management.

EAS proxy sizing

Sophos Mobile offers two EAS proxy components. The internal EAS proxy is part of the Sophos Mobile server and can be used for a simple setup in smaller installations. The internal EAS proxy is recommended for installations with no more than 500 devices syncing emails and if no failover or clustering is required.

The standalone or external EAS proxy is recommended for larger installations, if device management and email proxy have to separate or clustering is required.

The EAS proxy does not require a lot of CPU or memory, but its key limitation is bandwidth. As the EAS proxy is critical for the delivery of email, for large installations, we recommend you use multiple instances of EAS proxies behind a load balancer. Note that this setup is not required for the PowerShell mode.

Sizing recommendation for EAS proxy: 1 CPU and 2 GB of memory.

Database sizing

The size of the database depends on the following factors:

  • The mobile platforms you want to manage (Android, iOS, macOS, Windows, Chrome OS).
  • The used database (MS-SQL or MySQL).
  • The data on the mobile devices (e.g. the number of installed apps).
  • Apps to be published on the Sophos Mobile server.
  • Documents to be published on the Sophos Mobile server.

Some real world examples show 0.2 MB per device, thus a 500 device server uses 25 MB.

On most customer installation, the required database size is strongly influenced by the number of apps and documents published through Sophos Mobile.

For installation beyond 500 devices, you should consider using an MS-SQL Standard server instead of an MS SQL Express edition.

Network sizing

To properly size the network connection to Sophos Mobile, please use the following data as a guideline. An Sophos Mobile managed device normally synchronizes once a day with the server. In this synchronization cycle, information like device properties, security information, app list and certificates are exchanged. On an average device, please calculate the following data usage per device:

Device type

Data volume

Android

50 KB

iPhone, iPad

100 KB

Mac

150 KB

Windows computer

100 KB

Chrome device

10 KB

The majority of network traffic is generated by the distribution of apps, documents and policies to the devices. The network sizing should take this into account. The server handles any of these device interactions in batches of 500 devices to avoid overloading of the server and the network. Apps and documents can be calculated with an overhead of 10% of the app or document size. A policy push is about the same size as a device sync.

Sophos Intercept X for Mobile data usage

Sophos Intercept X for Mobile is a security app for Android devices that protects devices from malicious apps and assists end users in detecting app permissions that could be a security risk. Its web filtering capability allows you to filter websites by category and lets you block inappropriate content.

On devices that have Sophos Intercept X for Mobile installed, the following network traffic occurs:

  • On each malware scan, 256 bytes per app are used for online look-ups against the latest threat data in the SophosLabs database.
  • For downloading data updates for the antivirus engine, 10-20 KB per day are used on average.

Sophos Chrome Security data usage

Sophos Chrome Security is a security extension for Chrome devices. Its web filtering capability allows you to filter websites by category and lets you block inappropriate content.

On devices that have Sophos Chrome Security installed, the following network traffic occurs:

  • On each web page look-up against the SophosLabs database, about 800 bytes are used.